Lucene search

K

14 matches found

CVE
CVE
added 2024/01/05 3:15 a.m.199 views

CVE-2024-22075

Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.

6.1CVSS6.2AI score0.00098EPSS
CVE
CVE
added 2021/12/04 12:15 p.m.58 views

CVE-2021-4005

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

4.3CVSS4.5AI score0.00161EPSS
CVE
CVE
added 2023/01/14 8:15 a.m.55 views

CVE-2023-0298

Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.

6.5CVSS6.4AI score0.00049EPSS
CVE
CVE
added 2023/04/05 4:15 p.m.55 views

CVE-2023-1788

Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6.

9.8CVSS7.3AI score0.00074EPSS
CVE
CVE
added 2021/10/19 1:15 p.m.54 views

CVE-2021-3851

firefly-iii is vulnerable to URL Redirection to Untrusted Site

5.4CVSS5.1AI score0.00169EPSS
CVE
CVE
added 2021/11/13 9:15 a.m.52 views

CVE-2021-3921

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

5.4CVSS4.7AI score0.00117EPSS
CVE
CVE
added 2021/09/27 1:15 p.m.51 views

CVE-2021-3819

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

8.8CVSS6.4AI score0.00141EPSS
CVE
CVE
added 2021/12/01 11:15 a.m.46 views

CVE-2021-4015

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

4.3CVSS4.5AI score0.00117EPSS
CVE
CVE
added 2019/07/18 3:15 a.m.43 views

CVE-2019-13644

Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page. NOTE: It is asserted that an attacker must have the same acces...

5.4CVSS5.3AI score0.00225EPSS
Web
CVE
CVE
added 2019/07/18 3:15 a.m.41 views

CVE-2019-13646

Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability

5.4CVSS5.3AI score0.00281EPSS
CVE
CVE
added 2019/07/18 3:15 a.m.38 views

CVE-2019-13645

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. NOTE: It is asserted that an attacker must have the same access rights as the user in or...

5.4CVSS5.3AI score0.00281EPSS
Web
CVE
CVE
added 2021/10/19 1:15 p.m.38 views

CVE-2021-3846

firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type

8.8CVSS7.2AI score0.00237EPSS
CVE
CVE
added 2019/07/18 3:15 a.m.35 views

CVE-2019-13647

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. NOTE: It is asserted that an attacker must have the same access rights as the user in ...

5.4CVSS5.3AI score0.00206EPSS
Web
CVE
CVE
added 2023/04/01 2:15 a.m.33 views

CVE-2023-1789

Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.

9.8CVSS7.2AI score0.00038EPSS